CVE-2011-2655
https://notcve.org/view.php?id=CVE-2011-2655
Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld Management (ZHM) 7 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2656.
• http://download.novell.com/Download?buildid=Fz0LYfG9qCU~
• http://www.novell.com/support/viewContent.do?externalId=7009489
• http://www.securityfocus.com/bid/50303
• https://exchange.xforce.ibmcloud.com/vulnerabilities/70831
CVE-2010-4229 – Novell ZENworks Asset Management Path Traversal File Overwrite Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4229
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files.
• http://secunia.com/advisories/44120
• http://securityreason.com/securityalert/8207
• http://securitytracker.com/id?1025313
• http://www.novell.com/support/viewContent.do?externalId=7007841
• http://www.securityfocus.com/archive/1/517425/100/0/threaded
• http://www.securityfocus.com/bid/47295
• http://www.vupen.com/english/advisories/2011/0917
• http://zerodayinitiative.com/advisories/ZDI-11-118
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66656
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-4323 – Novell ZenWorks TFTPD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4323
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap.
• https://www.exploit-db.com/exploits/16191
• http://secunia.com/advisories/43379
• http://securityreason.com/securityalert/8092
• http://securityreason.com/securityalert/8094
• http://www.novell.com/support/viewContent.do?externalId=7007896
• http://www.securityfocus.com/archive/1/516524/100/0/threaded
• http://www.securityfocus.com/bid/46434
• http://www.securitytracker.com/id?1025092
• http://www.vupen.com/english/advisories/2011/0425
• http://www.zerodayinitiative.com/advisories/ZDI-11-089
• https:/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0742
https://notcve.org/view.php?id=CVE-2011-0742
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
• http://osvdb.org/70694
• http://secunia.com/advisories/43094
• http://telussecuritylabs.com/threats/show/FSC20110125-06
• http://www.novell.com/support/viewContent.do?externalId=7007663
• http://www.securityfocus.com/archive/1/516045/100/0/threaded
• http://www.securityfocus.com/bid/46024
• http://www.securitytracker.com/id?1024993
• http://www.vupen.com/english/advisories/2011/0221
• http://www.zerodayinitiative.com/advisories/ZDI-11-026
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64930
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4299
https://notcve.org/view.php?id=CVE-2010-4299
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
• http://marc.info/?l=full-disclosure&m=128916914213292&w=2
• http://secunia.com/advisories/42130
• http://www.novell.com/support/viewContent.do?externalId=7007135
• http://www.securitytracker.com/id?1024691
• http://www.zerodayinitiative.com/advisories/ZDI-10-230
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer